Windows Analysis Report
SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

ID:	1431790
Product:	CloudBasic
Start time:	19:23:11
Start date:	25.04.2024
Sample:	SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	9ec45fd755974a8b50342ee6dd8205e7
SHA1:	76f0aeb1891a895cee93aad524d37cc444344dbc
SHA256:	d67de542a7c8c3535b0a79589d4ba10880bd97e4c126038c13a2efaa5d854a64
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_cd747641856f9a2967ad14e23498f88a3b0c989_9a399071_2b80367a-b9a8-4c78-9d2c-1ef668460b7e\Report.wer	Unicode text, UTF-16, little-endian text, with CRLF line terminators	DF8BB1D5820047E81EA884C464C5A459	D179B650A3C8D538D96D2C1F0650917EFB91672D	11A02BD41968AF98D215783F2C553F56F83A8A2F441E6E3B1B74C3C32EDB2678
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA9A8.tmp.dmp	Mini DuMP crash report, 14 streams, Thu Apr 25 17:24:18 2024, 0x1205a4 type	31DE7DB0DA0EDAEB4F71F17F396E6FB8	55929AAD5F4221ADA00748E3594364F678B1D1B2	10E9502F495D2F70F814A256C93D558A76FE4FC7A467CB26189F00F6B9C72D7C
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA07.tmp.WERInternalMetadata.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators	79F9CAAECAA920EBE94456E14B445FE4	694B07797DAF37E0E3649748BD7DDE69DB9370E4	9D893B887F670C4D102995AC28A1724466013EC606E2C99EAD3690D82C5793EE
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA75.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	6E496F195ECACA78E4859B2785A87E02	62D0C26B5147A41A43D772501ACB7A5B02BC518C	CD843C2B8D473B3E6CC248F1A3F83CBCFB8A7786D6499C0172644D61FAA96B91
C:\Windows\appcompat\Programs\Amcache.hve	MS Windows registry file, NT/2000 or above	E6AEA3AE2515A1F1B2FBB1622F6182C9	E9B7AB7E5069A0D0C3E70488DFDEEB49CFAE101D	92385230053383119C48E66D56D48F5106EB2066D8BF69B0B13D06DFC625BF81

AV Detection

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Avira: detected

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

ReversingLabs: Detection: 28%

Compliance

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, DEBUG_STRIPPED, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP, BYTES_REVERSED_HI

Networking

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: http://InetURL:/1.0
Source: Amcache.hve.4.dr	String found in binary or memory: http://upx.sf.net
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: http://www.clamav.net
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: http://www.indyproject.org/

System Summary

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Code function: 0_2_0040BC60

0_2_0040BC60

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 232

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Static PE information: No import functions for PE file found

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, DEBUG_STRIPPED, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP, BYTES_REVERSED_HI

Source: classification engine

Classification label: mal60.evad.winEXE@2/5@0/0

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3108

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\01f267ee-3f06-4755-889e-069247feae51

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

ReversingLabs: Detection: 28%

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: NATS-SEFI-ADD
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: NATS-DANO-ADD
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: jp-ocr-b-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: JIS_C6229-1984-b-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: jp-ocr-hand-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: JIS_C6229-1984-hand-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: ISO_6937-2-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: NATS-SEFI-ADD
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: NATS-DANO-ADD
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: JIS_C6229-1984-b-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: jp-ocr-b-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: JIS_C6229-1984-hand-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: jp-ocr-hand-add
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	String found in binary or memory: ISO_6937-2-add

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 232

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Section loaded: apphelp.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Static file information: File size 3121152 > 1048576

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x27d000

Data Obfuscation

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Static PE information: section name: .didata

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040E976 push ecx; mov dword ptr [esp], edx		0_2_0040E979
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040E918 push ecx; mov dword ptr [esp], edx		0_2_0040E919
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040E924 push ecx; mov dword ptr [esp], edx		0_2_0040E925
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040E930 push ecx; mov dword ptr [esp], edx		0_2_0040E931
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040E99C push ecx; mov dword ptr [esp], edx		0_2_0040E99D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040E9BE push ecx; mov dword ptr [esp], edx		0_2_0040E9C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_00411A2A push ecx; mov dword ptr [esp], edx		0_2_00411A2D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040EAC8 push ecx; mov dword ptr [esp], edx		0_2_0040EAC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040EAB0 push ecx; mov dword ptr [esp], edx		0_2_0040EAB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_0040E300 push ecx; mov dword ptr [esp], edx		0_2_0040E301
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_00410F5E push ecx; mov dword ptr [esp], eax		0_2_00410F61
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_00411702 push ecx; mov dword ptr [esp], ecx		0_2_00411709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Code function: 0_2_00406F04 push ecx; mov dword ptr [esp], eax		0_2_00406F05

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Binary or memory string: OLLYDBG.EXE
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe	Binary or memory string: WIRESHARK.EXE

Source: Amcache.hve.4.dr	Binary or memory string: VMware
Source: Amcache.hve.4.dr	Binary or memory string: VMware-42 27 b7 a3 1e b0 86 f3-0a fe 06 07 d0 80 07 92
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Code function: 0_2_0040F4EC LdrInitializeThunk,

0_2_0040F4EC

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe

Code function: 0_2_00408020 cpuid

0_2_00408020

Lowering of HIPS / PFW / Operating System Security Settings

Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: msmpeng.exe
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe, SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe, 00000000.00000000.1353169784.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: wireshark.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: MsMpEng.exe
Source: SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe, SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.28277.5978.exe, 00000000.00000000.1353169784.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: ollydbg.exe